Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution



Introduction

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

To have us work around the issue discussed in the security advisory for you, go to the "Fix it for me" section. To work around this problem yourself, go to the "Let me fix it myself" section.



Fix it for me

To implement the workaround that disables QuickTime parsing automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the Fix this problem link under Enable workaround. To undo the workaround, click the Fix this problem link under Disable workaround. In either scenario, click Run in the File Download dialog box, and follow the steps in the Fix it wizard.


Enable workaround: Fix this problem (Microsoft Fix it 50256)
Disable workaround: Fix this problem (Microsoft Fix it 50257)


Note: This wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note: If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD, and then run it on the computer that has the problem.

Next, go to the "Did this fix the problem?" section.



Let me fix it myself

To implement the workaround that disables QuickTime parsing yourself, use one of the following methods:

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

Using the interactive method

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkeys in the registry:
    • For 32-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
  3. On the File menu, click Export.
  4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

    Note By default, this will create a backup of this registry key in the My Documents folder.
  5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
  6. Exit Registry Editor.

Using a managed deployment script

  1. Create a backup copy of the registry keys by using a managed deployment script that contains the following text. Regedit.exe /e exports one key per command, so on 64-bit systems each key is exported to its own file (the second file name below is only a suggested name):
    • For 32-bit Windows systems:
      Regedit.exe /e Quicktime_Decoder_Backup.reg HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64-bit Windows systems:
      Regedit.exe /e Quicktime_Decoder_Backup.reg HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
      Regedit.exe /e Quicktime_Decoder_Backup_Wow6432Node.reg HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
  2. Copy the following text to a text file, and then save the file by using a .REG extension. For example, save the file as "Disable_Quicktime_Parser.reg":
    • For 32-bit Windows systems:
      Windows Registry Editor Version 5.00

      [-HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
    • For 64-bit Windows systems:
      Windows Registry Editor Version 5.00

      [-HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
      [-HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
  3. On the target computer, type the following command from an elevated command prompt to run the registry script:
    Regedit.exe /s Disable_Quicktime_Parser.reg
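
The backup-then-delete sequence above as one script that writes a separate backup file per key, deletes a key only after its export succeeded, and then confirms the key is gone. This is an added PowerShell example, not part of the original KB article; it assumes PowerShell is installed on the target computer, and the backup directory, the backup file names and the -AuditOnly switch are assumptions.

```powershell
# Added example (not from the KB article). Run elevated, in a PowerShell of the
# same bitness as the OS. Backup directory, file names and -AuditOnly are assumptions.
param(
    [string]$BackupDir = "$env:SystemDrive\QuickTimeParserBackup",
    [switch]$AuditOnly   # report key state only; change nothing
)

$Clsid = '{D51BD5A0-7548-11CF-A520-0080C77EF58A}'
# Native key first, then the 32-bit view that exists only on 64-bit Windows.
$Targets = @(
    @{ Sub = "CLSID\$Clsid";             Backup = 'Quicktime_Parser_Backup_native.reg' },
    @{ Sub = "Wow6432Node\CLSID\$Clsid"; Backup = 'Quicktime_Parser_Backup_wow64.reg' }
)

function Test-HkcrKey([string]$SubKey) {
    # OpenSubKey returns $null when the key does not exist.
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey)
    if ($key) { $key.Close(); return $true }
    return $false
}

$failed = $false
foreach ($t in $Targets) {
    $full = "HKEY_CLASSES_ROOT\$($t.Sub)"
    if (-not (Test-HkcrKey $t.Sub)) { Write-Output "ABSENT   $full"; continue }
    if ($AuditOnly) { Write-Output "PRESENT  $full"; $failed = $true; continue }

    # Export before deleting, one file per key, and never overwrite an older backup.
    if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
    $file = Join-Path $BackupDir $t.Backup
    if (Test-Path $file) {
        Write-Output "SKIPPED  $full (backup $file already exists)"; $failed = $true; continue
    }
    & reg.exe export $full $file 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        Write-Output "FAILED   backup of $full; key left in place"; $failed = $true; continue
    }

    & reg.exe delete $full /f 2>&1 | Out-Null
    if (Test-HkcrKey $t.Sub) { Write-Output "FAILED   delete of $full"; $failed = $true }
    else { Write-Output "REMOVED  $full (backup: $file)" }
}
# Exit code 1 means a key is still present or a step failed.
if ($failed) { exit 1 } else { exit 0 }
```

Run it with -AuditOnly to check whether the workaround is in place without changing the registry; an exit code of 0 means neither key is present.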

Impact of the workaround

QuickTime content playback will be disabled.

How to undo the workarounds

How to undo the interactive method

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. On the File menu, click Import.
  3. In the Import Registry File dialog box, select Quicktime_Parser_Backup.reg, and then click Open.
  4. Exit Registry Editor, and then restart the computer.

How to undo the managed deployment script

On the target computer, type the following command from an elevated command prompt to restore the original state. Use the backup file that the managed deployment script created, and repeat the command for each backup file if there is more than one:
    Regedit.exe /s Quicktime_Decoder_Backup.reg



Did this fix the problem?

Check whether the registry key is created or modified. If the registry key is created or modified, you are finished with this article. If the registry key is not created or modified, you can contact support.



Keywords: kbregistry, kbsurveynew, kbsecvulnerability, kbsecurity, kbexpertiseinter, kbinfo, kbfixme, kbmsifixme, kbsecadvisory, KB971778


Article Info
Article ID : 971778
Revision : 6
Created on : 7/8/2009
Published on : 7/8/2009
Exists online : False